The advocacy group Human Rights Watch has written to the European Union to argue that online surveillance in the USA is so broad and has such weak safeguards, that it should invalidate the Privacy Shield agreement between the two.
The flaws in Privacy Shield
The Privacy Shield arrangement between the EU and the UK is the agreement which legalises the transfer of personal data between the nations of the EU and the USA.
The EU has particularly strong privacy rules regarding the way big tech companies can handle their user’s data. Data cannot be transferred to countries outside the EU unless they meet the same standards and will offer the same level of data protection and privacy.
This has been an issue between the EU and the USA before with the former agreement, known as Safe Harbour, collapsing after it was revealed that the data was subject to surveillance in the USA.
But now Human Rights Watch and Amnesty International are arguing, ahead of the first annual review of Privacy Shield which takes place this September, that data is no safer under the new arrangements.
When Privacy Shield was first implemented, the EU achieved a handful of concessions from the EU on how the data was handled and claimed that it was satisfied that the US provided sufficient rights protections.
Issues with US surveillance
But Human Rights Watch claim that not just one but several types of US surveillance fail to comply with EU rights standards and therefore Privacy Shield should no longer be valid.
The co-director of the US Program at Human Rights Watch, Maria McFarland Sánchez-Moreno, explained that “There’s no way to get around the fact that US laws and policies allow abusive monitoring and need to be drastically overhauled before they can meet human rights standards.”
“The European Commission should face this reality and insist that genuine, thoroughgoing reforms be adopted,” she went on.
In the briefing, they have submitted to the European Union review, there are two particularly US surveillance programmes which they claim go against fundamental rights. These are Section 702 of the Foreign Intelligence Surveillance Act and Executive Order 12333.
The first is primary legislation which facilitates at least two warrantless surveillance programmes of which we are aware and which US Congress is currently agonising over whether or not to renew. The second is the legal basis on which the US National Security Agency (NSA) uses to underpin its surveillance programmes, which are also thought to include warrantless programmes.
Should have to choose between privacy or Facebook
Human Rights Watch point out that it is difficult to mount any sort of legal challenge to these programmes owing to the lack of transparency around them and it is also almost impossible for individuals to know whether they have fallen victim to them or not.
As Maria McFarland Sánchez-Moreno goes on to say, “People shouldn’t have to choose between having their human rights protected and being able to use whatever internet services they may prefer. [The EU should] take action to make sure no one’s rights are sacrificed in the name of political or economic convenience.”
She is, of course, right, but that doesn’t necessarily mean that politics will not come into play during the review process.
The EU’s relationship with the US is an important one and there will also be intense pressure from big tech firms like Facebook and Google, to ensure that they can still transfer user data as they see fit. They have a decent record of standing up for the rights of their citizens in the face of such pressure, but it remains to be seen whether they will in this instance.
But the case presented by Human Rights Watch in a compelling one and even if Privacy Shield is not struck down, it should serve to warn internet users in Europe that their data is not safe on sites such as Facebook and that they should be taking steps to protect themselves.